Definition of subtypes to the category "dangerous"
Posted by Karsten Kaus on 23 June 2016 03:00 PM
|
|
Applies to: eXpurgate, dangerous, categories, file type, file extension, attachment, virus Modified on: 07/05/2016 Description:Emails being classified as 'dangerous' are only potentially dangerous - they may link to the hard drive, contain an executable file, iframes or code snippets. All of these elements could possibly damage a computer system. The category 'dangerous' consists of several sub categories: dangerous.attachment:The email includes an attachment with an extension that is potentially dangerous in a Windows environment (e.g. it opens and is executed by double click). Currently, these file types are considered potentially dangerous and are therefore classified as dangerous.attachment:
ade, adp, app, asp, bas, bat, bhx, cab, ceo, chm, cmd, com, cpl, crt, csr, der, exe, fxp, hlp, hta, inf, ins,isp, its, js, jse,
lnk, mad, maf, mag, mam, mar, mas, mat, mde, mim, msc, msi,
msp, mst, ole, pcd, pif, reg, scr, sct, shb, shs, vb, vbe,
vbmacros, vbs, vsw, wmd, wmz, ws, wsc, wsf, wsh, xxe, docm, xlsm
This is also true if one of the above mentioned attachments is contained in one of the following (password protected) archives:
arj, cab, jar, lha, rar, tar, zip
dangerous.iframe:The email contains the HTML element iframe. dangerous.code:The email contains JavaScript or other elements that are known as being an insecure protocol or linking to local (Windows)drives. dangerous.virus:dangerous.virus-outbreak:Like 'dangerous.attachment' but currently seen in great numbers on Cyren's servers. | |
|